Author Archive - Symphony Luo (Mobile Threat Analyst)

The presence of malicious apps on Google Play and other popular Android app providers remains a persistent problem. As of the first week of December, approximately 1,700+ malicious apps are still available on the Google Play and two third-party Android app distributors.

Though app providers have implemented certain regulations to mitigate the ruckus of malicious or high-risk apps, we are still noticing that these apps are being peddled on popular third party app providers. Some were even downloaded more than 100,000 times.

During December 5th- December 10th, we found that a total of 1,730 can still be downloaded from Google Play and two other third party app providers we’ve observed. The chart below shows a comparison of the number of unique malware available on these sites.

We noted that there are specific malware families available per site. The pie charts below show the distribution for each app provider. For app Google Play, FAKEAPP variants have the most number. FAKEAPP are rogue or fake versions of well-known apps. Once users are tricked into installing them, these apps steal sensitive information from the device and send these to remote servers.

For the top third-party app providers, the likeliest malicious apps that users can encounter are GAPPUSIN variants. GAPUSSIN variants are known to download other malicious apps and steal information from users.